[Mailman-Users] spam, spamcop and mailman moderation

Brad Knowles brad at shub-internet.org
Mon Nov 13 19:20:20 CET 2006 

At 4:18 PM +0900 11/13/06, stephen at xemacs.org wrote:

>  > Signed mail causes the CPU of the mail server to have to do expensive
>  > crypto calculations that are many, many orders of magnitude beyond
>  > anything that had ever been done in the past, on a per-message basis.
>
>  If you insist that the server do the signature, yes.  Did you miss the
>  part where I said you have to educate users for this to work?

No amount of user education is going to help.  First off, they need 
to be running suitable software.  Very little client-side software 
supports DKIM or other similar sorts of technologies, and this kind 
of thing is pretty useless if it's not widely implemented.

DKIM was specifically designed so that it could slip in as a "shim" 
on the server side, to start ramping up this process quickly, because 
they knew it would take a long time to be supported on the majority 
of clients.


But the problem is that it *has* to be supported on the server 
receiver in order to be useful at all -- that's the only place where 
you can do those calculations while the sender is being held open, so 
that you can make a decision as to whether or not to accept that 
message.

Otherwise, you might as well just blindly accept everything in the 
first place, and let the client deal with all problems.

>  > At that point, you might as well just shut down all Internet e-mail anyway.
>
>  For those who don't sign their messages, yes.  The rest of us will be
>  back in the friendly-user world because only our friends will be able
>  to send us mail. :-/

Not really, no.  Because only the spammers will have enough CPU power 
necessary to do all those calculations.  No recipient system will be 
capable of doing massive crypto calculations for each and every 
message that is received, so they will all get buried under the load.

>  > Actually, spammers have totally unlimited CPU power available to
>  > them, so they might be the only ones on the planet who are able to
>  > handle doing signed e-mail for all messages.
>
>  Because they are using owned machines, you mean.  Well, if those
>  machines can do crypto for the spammers, they can do crypto for their
>  nominal owners.  And if email is going to survive, by your
>  projections, they're going to have to.

It doesn't matter where or how the spammers get their CPU cycles, 
what matters is that they have them, and they continue to get more of 
them at a faster rate than the rest of us can stand up new servers to 
deal with the massive waves of spam.

We're losing this war, and we're losing it faster and faster every day.

>  > It doesn't matter that the signed message is actually traceable back
>  > to a particular person, it just matters that it's signed.
>
>  Then it's just hashcash, and it can't scale.  We already knew that.

Yup.

-- 
Brad Knowles, <brad at shub-internet.org>

Trend Micro has announced that they will cancel the stop.mail-abuse.org
mail forwarding service as of 15 November 2006.  If you have an old
e-mail account for me at this domain, please make sure you correct that
with the current address.

More information about the Mailman-Users mailing list